I have set up 3 ePO servers, version 5.1, in our Amazon environment, and I'm struggling to obtain reports that could provide me with the following information:
1. Log file evidence of previous on access and on demand scans that are occurring.
2. Evidence of the on access and on demand policy enforcement for each server managed by ePO.
3. Evidence of DAT file updates and the schedule for the indicated servers.
4. Evidence of the policy for updating the definitions from McAfee and the schedule.
First of all let me provide you some details about the current setup:
We have 3 ePO servers that are managing Linux and Windows boxes using the VirusScan Enterprise 8.8 and VirusScan Enterprise for Linux 1.9.0 extensions. I have set up on-demand client tasks for full and memory scans and created some on access policies for them.
Now there are a few problems that I’m currently facing and even though I’ve searched on the forums I didn’t find an answer to them…
- Where can I find the ePO server logs regarding the tasks created? For instance, when I’m running a task by hand, where does the server log information about this? I’ve checked most of the log files on the ePO server but nothing gave me any details on whether the task was completed or not.
- On demand tasks should store the logs locally based on a location defined by me. This should be done by writing to a local file, e.g. C:\McAfeeLogs\OnDemandScanLog.txt, but for some reason this file is not being created when I’m running the tasks by hand. Also, it is worth mentioning that the tasks are being run using an Active Directory user with full administrator rights.
- Let’s say that everything works properly - on demand and on access scans are being done as scheduled (which apparently they are, based on the CPU usage). What should I do to obtain a report that could provide me with the information listed at the beginning of this post? I saw that there is an extension for VirusScan Enterprise - VirusScan Enterprise Reports - but from what I’ve seen there isn’t any data related to on-demand scans… So is this something that can be achieved using the ePO reporting tool? If not, should I parse all the server logs stored locally to generate this report?
There are a couple of other questions, but for now, if someone could help me with this I would really appreciate it.
Thanks in advance for your help!